• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제22권6호
• /
• pp.1315-1324
• /
• 2012

Security visualization is a form of the data visualization techniques in the field of network security by using security-related events so that it is quickly and easily to understand network traffic flow and security situation. In particular, the security visualization that detects the abnormal situation of network visualizing connections between two endpoints is a novel approach to detect unknown attack patterns and to reduce monitoring overhead in packets monitoring technique. However, the session-based visualization doesn't notice a difference between normal traffic and attacks that they are composed of similar connection pattern. Therefore, in this paper, we propose an efficient session-based visualization method for analyzing and detecting between normal server activities and attacks by using the IP address splitting and port attributes analysis. The proposed method can actually be used to detect and analyze the network security with the existing security tools because there is no dependence on other security monitoring methods. And also, it is helpful for network administrator to rapidly analyze the security status of managed network.

• ETRI Journal
• /
• 제33권5호
• /
• pp.770-779
• /
• 2011

Security quad and cube (SQC) is a network attack analyzer that is capable of aggregating many different events into a single significant incident and visualizing these events in order to identify suspicious or illegitimate behavior. A network administrator recognizes network anomalies by analyzing the traffic data and alert messages generated in the security devices; however, it takes a lot of time to inspect and analyze them because the security devices generate an overwhelming amount of logs and security events. In this paper, we propose SQC, an efficient method for analyzing network security through visualization. The proposed method monitors anomalies occurring in an entire network and displays detailed information of the attacks. In addition, by providing a detailed analysis of network attacks, this method can more precisely detect and distinguish them from normal events.

• Convergence Security Journal
• /
• 제16권5호
• /
• pp.41-48
• /
• 2016

In this paper we propose a new method of security visualization, VisFlow, using traffic flows to solve the problems of existing traffic flows based visualization techniques that were a loss of end-to-end semantics of communication, reflection problem by symmetrical address coordinates space, and intuitive loss problem in mass of traffic. VisFlow, a simple and effective security visualization interface, can do a real-time analysis and monitoring the situation in the managed network with visualizing a variety of network behavior not seen in the individual traffic data that can be shaped into patterns. This is a way to increase the intuitiveness and usability by identifying the role of nodes and by visualizing the highlighted or simplified information based on their importance in 2D/3D space. In addition, it monitor the network security situation as a way to increase the informational effectively using the asymmetrical connecting line based on IP addresses between pairs of nodes. Administrator can do a real-time analysis and monitoring the situation in the managed network using VisFlow, it makes to effectively investigate the massive traffic data and is easy to intuitively understand the entire network situation.

• Convergence Security Journal
• /
• 제17권5호
• /
• pp.27-34
• /
• 2017

Network security visualization technique using security alerts provide the administrator with intuitive network security situation by efficiently visualizing a large number of security alerts occurring from the security devices. However, most of these visualization techniques represent events using overlap the timelines of the alerts or Top-N analysis by their frequencies resulting in failing to provide information such as the attack trend, the relationship between attacks, the point of occurrence of attack, and the continuity of the attack. In this paper, we propose an effective visualization technique which intuitively explains the transition of the whole attack and the continuity of individual attacks by arranging the events spirally according to timeline and marking occurrence point and attack type. Furthermore, the relationship between attackers and victims is provided through a single screen view, so that it is possible to comprehensively monitor not only the entire attack situation but also attack type and attack point.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제19권3호
• /
• pp.107-117
• /
• 2009

Network administrator recognizes the abnormal phenomenon in the managed network by using the alert messages generated in the security devices including the intrusion detection system, intrusion prevention system, firewall, and etc. And then the series of task, which searches for the traffic related to the alert message and analyzes the traffic data, are required to determine where the abnormal phenomenon is the real network security threat or not. There are many alert messages to have to inspect in order to determine the network security situation. Also the much times are needed so that the network administrator can analyze the security condition using existing methods. Therefore, in this paper, we proposed an efficient method for analyzing network security situation using visualization. The proposed method monitors anomalies occurred in the entire IP address's space and displays the detail information of a security event. In addition, it represents the physical locations of the attackers or victims by linking GIS information and IP address. Therefore, it is helpful for network administrator to rapidly analyze the security status of managed network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제30권4호
• /
• pp.693-704
• /
• 2020

As a company's network structure is getting bigger and the number of security system is increasing, it is not easy to quickly detect abnormal traffic from huge amounts of security system events. In this paper, We propose traffic visualization analysis system(FDANT-PCSV) that can detect and analyze security events of information security systems such as firewalls in real time. FDANT-PCSV consists of Parallel Coordinates visualization using five factors(source IP, destination IP, destination port, packet length, processing status) and Sankey visualization using four factors(source IP, destination IP, number of events, data size) among security events. In addition, the use of big data-based SIEM enables real-time detection of network attacks and network failure traffic from the internet and intranet. FDANT-PCSV enables cyber security officers and network administrators to quickly and easily detect network abnormal traffic and respond quickly to network threats.

• Journal of Korea Society of Digital Industry and Information Management
• /
• 제11권4호
• /
• pp.47-60
• /
• 2015

In this paper, we propose a simple and useful method using a port role to visualize the network attacks. The port role defines the behavior of the port from the source and destination port number of network session. Based on the port role, the port provides the brief security features of each node as an attacker, a victim, a server, and a normal host. We have automatically classified and identified the type of node based on the port role and security features. We detected and visualized the network attacks using these features of the node by the port role. In addition, we are intended to solve the problems with existing visualization technologies which are the reflection problem caused an undirected network session and the problem caused decreasing of distinct appearance when occurs a large amount of the sessions. The proposed method monitors anomalies occurring in an entire network and displays detailed information of the attacker, victim, server, and hosts. In addition, by providing a categorized analysis of network attacks, this method can more precisely detect and distinguish them from normal sessions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제24권6호
• /
• pp.1197-1213
• /
• 2014

Due to the increase in size of the computer network, the network security systems such as a firewall, IDS, IPS generate much more vast amount of information related to network security. So detecting signs of hidden security threats has become more difficult. Security personnels' 'Network Security Situational Awareness(NSSA)' is effectively determining the security situation of overall computer network on the basis of the relation between the security events that occur in the several views. The process of situational awareness is divided into three stages of the 'identification,' 'understanding' and 'prediction'. And 'identification' and 'understanding' are prerequisites for 'predicting' and the following appropriate responses. But 'identification' and 'understanding' in the vast amount of information became more difficult. In this paper, we propose Honeycomb security situational awareness visualization system that is designed to help NSSA in large-scale networks by using visualization techniques known effective to the 'identification' and 'understanding' stages. And we identified the empirical effects of this system on the basis of the 'VAST Challenge 2012' data.

• International Journal of Computer Science & Network Security
• /
• 제23권2호
• /
• pp.133-139
• /
• 2023

As the old saying goes "a picture is worth a thousand words" data visualization is essential in almost every industry. Companies make Data-driven decisions and gain insights from visual data. However, there is a need to investigate the role of data visualization in human resource management. This review aims to highlight the power of data visualization in the field of human resources. In addition, visualize the latest trends in the research area of human resource and data visualization by conducting a quantitative method for analysis. The study adopted a literature review on recent publications from 2017 to 2022 to address research questions.

• International Journal of Computer Science & Network Security
• /
• 제23권11호
• /
• pp.162-168
• /
• 2023

As the old saying goes "a picture is worth a thousand words" data visualization is essential in almost every industry. Companies make Data-driven decisions and gain insights from visual data. However, there is a need to investigate the role of data visualization in human resource management. This review aims to highlight the power of data visualization in the field of human resources. In addition, visualize the latest trends in the research area of human resource and data visualization by conducting a bibliometric analysis. The study adopted a literature review on recent publications from 2017 to 2022 to address research questions.